Twitter users can now login through Two-Factor Authentication without their phone numbers
The move comes after Twitter CEO Jack Dorsey’s account was hacked in spite of having 2FA.
November 25, 2019 / 04:49 PM IST
Micro-blogging site Twitter has released a new feature for Two-Factor Authentication (2FA). The highlight of this feature is that users no longer need a mobile phone number to login into their Twitter accounts. Currently, under 2FA, users need to enter a six-digit code that they receive via an SMS.
Twitter’s Safety team has announced the rollout of the new 2FA method for user authentication. “We want to give you the most secure experience on Twitter. Today, we updated our login process to support WebAuthn for an enhanced Two-Factor Authentication (2FA), so you can easily and securely authenticate your login with a single tap,” read the tweet.
WebAuthn is an API that allows for strong browser-to-hardware-based authentication using devices such as security keys, mobile phones (NFC, BLE), and other built-in authenticators such as Touch ID.
The move comes after Twitter CEO Jack Dorsey’s account was hacked in spite of having 2FA. Hackers used SIM swapping to post tweets on Dorsey’s Twitter account via text messages using his mobile number.
To enable the new method of 2FA, go to the ‘Accounts’ section and click on Security > Two-Factor Authentication. Next, click on Authentication app and scan the QR code to enter the six-digit code displayed in the app.
Kayvon Beykpour, Product lead at Twitter, said
that users can also unlink their already-linked App-Based 2FA by going to the Account settings while still keeping 2FA on.